[security-dev] Database driven Java Keystore

Anil Saldhana Anil.Saldhana at redhat.com
Tue Aug 21 12:44:59 EDT 2012


Hi all,
  You are familiar with the file-based standard Java keystore. keytool 
is a command-line utility to deal with the standard keystore.

The challenges with a file-based keystore are many:
a) Each node in a cluster needs to have a local copy. An NFS-based keystore 
does solve this problem.
b) Updates to the keystore need to be made to each copy in a cluster.

I put in a DB-backed keystore that is standalone, depending on the 
Bouncycastle jars alone.
https://docs.jboss.org/author/display/SECURITY/Java+Keystores

There are multiple TBD items listed on the page.

There is a master salt. It is used to MD5-hash (with the salt) the keystore 
password (master password) and also the individual key passwords.

Feedback welcome.

Regards,
Anil
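The layout the post describes, as an added example (not PicketBox/JBoss code): a keystore table holding the master salt and the salted hash of the master password, a key-entry table whose rows are each guarded by a salted hash of their own key password, and two connections to the same database standing in for two cluster nodes. The schema, table and function names, and the use of sqlite3 are assumptions made for this example. MD5 is used only because the post describes it; it has no work factor, so the digest is a parameter that a deployment would replace with a slow password hash. The post does not say how the key material itself is protected at rest, so the example stores key bytes as given rather than inventing a scheme.

```python
"""Database-backed keystore sketch on sqlite3 (constructed example, not project code)."""
import hashlib
import hmac
import os
import secrets
import shutil
import sqlite3
import tempfile

# The post describes "MD5 hash+salt" of the master and key passwords, so MD5
# mirrors it here. MD5 is fast and unsalted-by-design, so a real deployment
# would swap in a slow password hash (e.g. hashlib.pbkdf2_hmac) via this knob.
HASH_ALGO = "md5"

# Assumed schema (the page gives none): one row per keystore with its master
# salt and master-password hash, and one row per key entry.
SCHEMA = """
CREATE TABLE IF NOT EXISTS keystore (
    store_id    TEXT PRIMARY KEY,
    master_salt BLOB NOT NULL,
    master_hash BLOB NOT NULL
);
CREATE TABLE IF NOT EXISTS key_entry (
    store_id     TEXT NOT NULL REFERENCES keystore(store_id),
    alias        TEXT NOT NULL,
    key_hash     BLOB NOT NULL,
    key_material BLOB NOT NULL,
    PRIMARY KEY (store_id, alias)
);
"""


def salted_hash(salt: bytes, password: str, algo: str = HASH_ALGO) -> bytes:
    """digest(salt || password): the one master salt is prepended to every password."""
    h = hashlib.new(algo)
    h.update(salt)
    h.update(password.encode("utf-8"))
    return h.digest()


def connect(path: str = ":memory:") -> sqlite3.Connection:
    """Open the shared database; every cluster node points at the same path."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


class DbKeyStore:
    def __init__(self, conn, store_id, master_salt):
        self.conn, self.store_id, self.master_salt = conn, store_id, master_salt

    @classmethod
    def create(cls, conn, store_id, master_password):
        """Generate the master salt and store the salted hash of the master password."""
        salt = secrets.token_bytes(16)
        conn.execute("INSERT INTO keystore VALUES (?, ?, ?)",
                     (store_id, salt, salted_hash(salt, master_password)))
        conn.commit()
        return cls(conn, store_id, salt)

    @classmethod
    def open(cls, conn, store_id, master_password):
        """Load the store only if the offered master password hashes to the stored value."""
        row = conn.execute("SELECT master_salt, master_hash FROM keystore WHERE store_id = ?",
                           (store_id,)).fetchone()
        if row is None:
            raise KeyError(f"no keystore {store_id!r}")
        salt, expected = row
        if not hmac.compare_digest(expected, salted_hash(salt, master_password)):
            raise PermissionError("wrong master password")
        return cls(conn, store_id, salt)

    def set_key(self, alias, key_material: bytes, key_password: str) -> None:
        """Store an entry; its key password is hashed with the same master salt.
        Key bytes are stored as given (the post describes no at-rest protection)."""
        self.conn.execute("INSERT OR REPLACE INTO key_entry VALUES (?, ?, ?, ?)",
                          (self.store_id, alias,
                           salted_hash(self.master_salt, key_password), key_material))
        self.conn.commit()

    def get_key(self, alias, key_password) -> bytes:
        """Return key material only if the per-key password verifies."""
        row = self.conn.execute(
            "SELECT key_hash, key_material FROM key_entry WHERE store_id = ? AND alias = ?",
            (self.store_id, alias)).fetchone()
        if row is None:
            raise KeyError(alias)
        expected, material = row
        if not hmac.compare_digest(expected, salted_hash(self.master_salt, key_password)):
            raise PermissionError(f"wrong password for {alias!r}")
        return bytes(material)


def _rejects(fn) -> bool:
    """True if fn() is refused with PermissionError."""
    try:
        fn()
    except PermissionError:
        return True
    return False


def demo() -> dict:
    """Node A creates the store; node B, on the same database file, reads it."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "keystore.db")  # stands in for a shared cluster DB
    node_a = connect(path)
    ks = DbKeyStore.create(node_a, "app", "master-secret")
    ks.set_key("tls-signing", b"\x00\x11\x22\x33", "key-secret")
    node_b = connect(path)  # no per-node copy to synchronise
    result = {
        "key_from_node_b": DbKeyStore.open(node_b, "app", "master-secret")
                                     .get_key("tls-signing", "key-secret"),
        "wrong_master_rejected": _rejects(lambda: DbKeyStore.open(node_b, "app", "guess")),
        "wrong_key_password_rejected": _rejects(lambda: ks.get_key("tls-signing", "guess")),
    }
    node_a.close()
    node_b.close()
    shutil.rmtree(tmp)
    return result


if __name__ == "__main__":
    print(demo())
```

Because every node reads the same rows, adding or rotating an entry is one INSERT rather than a copy to each host, which is the cluster problem the post is addressing. Comparing hashes with hmac.compare_digest keeps the check constant-time regardless of which digest is configured.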

